Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-53522 — Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-…

Remote | Denial of Service
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.4 MEDIUM
CVE-2026-53521 — Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_p…

Remote | Authorization
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.5 MEDIUM
CVE-2026-53520 — Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preemp…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through N…

Remote | Authentication
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
9.1 CRITICAL
CVE-2026-53519 — Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_sec…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw…

Remote | Path Traversal
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
5.3 MEDIUM
CVE-2026-49397 — Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumer…

Remote | Information Disclosure
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
7.1 HIGH
CVE-2026-49396 — Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's a…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on…

Remote | Cross-Site Request Forgery
Jun 12, 2026 Jun 13, 2026
Jun 12, 2026
Jun 13, 2026
7.1 HIGH
CVE-2026-48119 — Nezha Monitoring: Authenticated agents can forge service-monitor results for other users'…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results fo…

Remote | Authorization
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.4 MEDIUM
CVE-2026-47268 — Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the das…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or updat…

Remote | Server-Side Request Forgery
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.5 MEDIUM
CVE-2026-47124 — Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated me…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the serve…

Remote | Authorization
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
7.1 HIGH
CVE-2026-47120 — Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTa…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule…

Remote | Authorization
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
7.7 HIGH
CVE-2026-46717 — Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role=…

Remote | Server-Side Request Forgery
Jun 12, 2026 Jun 13, 2026
Jun 12, 2026
Jun 13, 2026
9.9 CRITICAL
CVE-2026-46716 — Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /a…

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cov…

Remote | Misconfiguration
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
0.0 NA
CVE-2026-41158 — GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanis…

| Memory Corruption
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
0.0 NA
CVE-2026-41157 — GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible b…

| Memory Corruption
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
0.0 NA
CVE-2026-41155 — GPU DDK - SharedSecMem mapped into all GPU virtual address spaces

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disr…

| Memory Corruption
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
0.0 NA
CVE-2026-34195 — GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page…

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state w…

| Memory Corruption
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
6.5 MEDIUM
CVE-2026-12131 — CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Pay…

human_resource_management_system | Remote | Injection
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
5.5 MEDIUM
CVE-2025-7019 — Avast antivirus stack overflow when scanning a malformed Office Open XML file

Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus…

| Memory Corruption
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
5.5 MEDIUM
CVE-2025-7018 — Avira antivirus engine null pointer dereference when scanning a malformed PE file

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antiv…

| Memory Corruption
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
7.8 HIGH
CVE-2025-7017 — Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine proces…

| Memory Corruption
Jun 12, 2026 Jun 12, 2026
Jun 12, 2026
Jun 12, 2026
Showing 20 of 6995 Results